Customize KDE Plasma to my favor

Install Sweet Theme
System Settings -> Appearance -> Global Themes -> Get New Global Themes
Sort by Rating and install „Sweet KDE“

Set Plasma Style to „Sweet“

Set Colors to „Sweet“
And change to blue highlight Colors

Set Window Decorations to „Sweet-Dark“
Also there set Window border size to „No Borders“
Also there tab „Titlebar Buttons“ remove the „pin to icon“ (drag it out of the title bar to the below area containing all the other icons)
Also there choose the edit button on the „Sweet-Dark“ thumbnail and change the button size to „huge“.

Check in System Settings -> Display and Monitor -> Compositor if it is turned on.
If not check „Enable on startup“.

System Settings -> Workspace Behavior -> Desktop Effects
Check Background Contrast
Check Blur
Check Dim Inactive
Check Slide Back
If you do not find Magic Lamp or Translucency etc. check the filter settings not to exclude unsupported effects.
Can be they won’t work goog with nvidia dkms 470

Open e.g. Dolphin file manager
Click on the System Menu in the above left corner of the window.
There choose „special window behaviour“.
Set Windows class to unimportant
Delete property with window name containing the dolphin string
Name the rule Window setting for all windows
Add Active opacity rule -> Force -> 100%
Add Inactive opacity rule -> Force -> 80%

System Settings -> Window Management -> KWin Script -> Get New Scripts.
Search for „Force Blur“.
Install version 0.6.x.
Open console, paste and execute

mkdir -p ~/.local/share/kservices5/
cp ~/.local/share/kwin/scripts/forceblur/metadata.desktop ~/.local/share/kservices5/forceblur.desktop

In KWin Scripts settings enable Force Blur -> do some settings -> and Apply (maybe disable Force Blur and enable it again – then apply).

Install lightly shaders
Navigate to https://github.com/a-parhom/LightlyShaders
Set to branch „v2.0“
In Konsole install needed packages for building

sudo apt install git cmake g++ gettext extra-cmake-modules qttools5-dev libqt5x11extras5-dev libkf5configwidgets-dev libkf5crash-dev libkf5globalaccel-dev libkf5kio-dev libkf5notifications-dev kinit-dev kwin-dev libkdecorations2-dev

Download and build Lightly Shaders
git clone https://github.com/a-parhom/LightlyShaders
cd LightlyShaders; git checkout v2.0
mkdir qt5build; cd qt5build; cmake ../ -DCMAKE_INSTALL_PREFIX=/usr && make && sudo make install && (kwin_x11 –replace &)

Navigate to System Settings -> Workspace Behavior -> Desktop Effects
Enable Lightly Shaders
Change the settings to
Radius 10px
Shadow offset 6px
Check Outline around window
Outline strength 30%
Check Use black border (dark theme mode)

FOG imaging custom SSL/TLS certificates in iPXE

You have to build the iPXE with the custom server certificate not the custom CA certificate!

– Deploy server cert to /var/www/html/fog/management/other/ssl/srvpublic.crt
– Deploy ca cert to /var/www/html/fog/management/other/ca.cert.pem
– Deploy server key to /opt/fog/snapins/ssl/.srvprivate.key

Assuming you have downloaded FOG to /root/fogproject – build iPXE as follows:

cd /root/fogproject/utils/cd FOGiPXE/
./buildipxe.sh /var/www/html/fog/management/other/ssl/srvpublic.crt
cd /root/fogproject/packages/tftp
find -type f -exec cp -Rfv {} /tftpboot/{} \;

Do adjustments to TFTP and FOG configuration

And you have to change the ip address to DNS FQDN in /tftpboot/default.ipxe:

root@fog:/tftpboot# cat default.ipxe
#!ipxe
cpuid –ext 29 && set arch x86_64 || set arch ${buildarch}
params
param mac0 ${net0/mac}
param arch ${arch}
param platform ${platform}
param product ${product}
param manufacturer ${product}
param ipxever ${version}
param filename ${filename}
param sysuuid ${uuid}
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
:bootme
chain https://fog.domain.tld/fog/service/ipxe/boot.php##params

And you have to adjust the WEB HOST configuration in the FOG website -> settings to the DNS FQDN:

Logon to the FOG webseite -> click on the wrench to access settings -> click on FOG settings -> scroll down the whole way to Web Server -> expand it and change the setting WEB HOST to „fog.domain.tld“.

Bitwarden with onprem install and usage of local smarthost with TLS on port 25

Bitwarden’s SMTP service  does behave a bit weird without some settings in the /opt/bitwarden/bwdata/env/global.override.env file.

For allow TLS on port 25 use the option „globalSettings__mail__smtp__sslOverride=true“.

For not using SSL and fix the mail service to TLS use the option „globalSettings__mail__smtp__ssl=false“.

You can find more information in the logfiles in /opt/bitwarden/bwdata/logs/events.

Example:

globalSettings__mail__replyToEmail=sender@domain.tld
globalSettings__mail__smtp__host=relay.domain.tld
globalSettings__mail__smtp__port=25
globalSettings__mail__smtp__ssl=false
globalSettings__mail__smtp__username=<not needed for open relay>
globalSettings__mail__smtp__password=<not needed for open relay>
globalSettings__disableUserRegistration=true
adminSettings__admins=bitwarden-admin@domain.tld
globalSettings__mail__smtp__sslOverride=true

Use GMX as smarthost / relay_host with Postfix with separate transport_map

Excerpt /etc/postfix/main.cf
———————-
transport_maps = hash:/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_tls_security_level = encrypt

 

Excerpt /etc/postfix/transport
————————
<mailaddress>@gmx.net smtp:mail.gmx.net:25

 

Excerpt /etc/postfix/sender_canonical
——————————-
root@proxmox sberg1@gmx.net

 

Excerpt /etc/postfix/sasl_password
—————————–
mail.gmx.net <mailaddress>@gmx.net:<password>

 

Execute postmap commands to create the hash db file from above transport / sender_canonical / sasl_password
—————————–
postmap transport
postmap sender_canonical
postmap sasl_password

 

Restart Postfix
————
systemctl restart postfix

 

Testing
——
mail -s test <mailaddress>@gmx.net
HINT: CC just hit <Enter> – then write the body followed by <Enter> and <.> (dot character) and again <Enter>- then quit the mail command by pressing <CTRL>-<D>

community.network.edgeos_config Problem with login to EdgeOS device

Prerequities so far:
ansible-galaxy collection install community.network
pip3 install paramiko

I had trouble to properly connect to an EdgeOS device with Ansible and the community.network.edgeos_config module.

First I tried to send authetication data with ansible_ssh_user and a vaulted password via ansible_ssh_password.

This left me with the error:
fatal: [edgerouter.heaven.grp]: FAILED! => {
„changed“: false,
„module_stderr“: „Expected unicode or bytes, got {‚__ansible_vault‘: ‚$ANSIBLE_VAULT;1.1;AES256…

I tried to replace the paramiko python module with libssh.py:
pip3 install ansible-pylibssh

This also did not work with the encrypted vault password variable.

So I tried to setup SSH login via ssh key.

For this you have to add your public key to the EdgeOS devicset system login set system login user ubnt authentication public-keys <keyid> type ssh-rsa
set system login user ubnt authentication public-keys <keyid> key  <publickey>

So passwordless login was possible from normal Ubuntu OS via SSH but login via Ansible was still not possible:
redirecting (type: modules) community.network.edgeos_config to community.network.network.edgeos.edgeos_config
fatal: [edgerouter.heaven.grp]: FAILED! => {
„changed“: false,
„module_stderr“: „ssh connection failed: Failed to authenticate public key: Access denied for ‚publickey‘. Authentication that can continue: publickey,password“,
„module_stdout“: „“,
„msg“: „MODULE FAILURE\nSee stdout/stderr for the exact error“
}

I found a bug that describes this problem in
https://github.com/ganeshrn/netcommon/blob/08c7e0f32655e99659dfac25870f470de43ae8f7/plugins/connection/libssh.py

Replacing the file here ~/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/libssh.py with the file from the above commit solved the problem.

Query Netbox with Ansible to generate an Ansible inventory

1.
Make sure you use Ansible version >= 2.10.x
pip3 install –user –upgrade pip
pip3 install –user –upgrade ansible

2.
Install pynetbox
apt install python3-pip
pip install pynetbox –upgrade

3.
Install the Ansible module
ansible-galaxy collection install netbox.netbox

4.
Simple netbox-inventory YAML
# 02-netbox-inventory.yml

plugin: netbox.netbox.nb_inventory
api_endpoint: https://netbox.heaven.grp
token: api-key
validate_certs: false
config_context: false
group-by:
  – tags

5.
Install Netbox
Follow the Netbox installation guide
https://docs.netbox.dev/en/stable/installation/
Fill in some live in there

6.
Testing the generation of the Netbox inventory via ansible-inventory
ansible-inventory -i 02-netbox-inventory.yml –list

Kubuntu 21.10 on Asus Transformer T100TA with Touchscreen, Sound, Wi-Fi working

Main information based on:
https://github.com/5bentz/linux-asus-t100/blob/master/T100TA_guide.md

Added/removed some information based on my experience.

Grab 32bit efi boot loader from:
https://github.com/jfwells/linux-asus-t100ta/raw/master/boot/bootia32.efi

Download Kubuntu 21.10 ISO-file from Ubuntu homepage.

Use for example Rufus to write the ISO-file to an USB stick.

Copy over the bootia32.efi to the stick /EFI/boot.

Start from the stick.
Press ESC few times at boot time for one time boot menu.

Boot up the Kubuntu stick and choose try Kubuntu.

Open a terminal and start installation with sudo ubiquity -b.
Note: -b: So ubiquity installer won’t write a boot loader automatically.

Partitioning

Leave the 100mb efi partition.

Delete the windows partition.

Create a new ext4 partition and mount it to /

Install the system

After installation choose continue testing.

Fresh installation root partition is now mounted into /target

Mount also the 100mb efi partition to /target/boot/efi

Mount some local dirs to /target:
for dir in /dev /dev/pts /proc /sys /run; do mount –bind „$dir“ /target/“$dir“; done

Change root into the target root directory.
chroot /target /bin/bash

Install boot loader:
apt update
apt install grub-efi-ia32
grub-install –efi-directory=/boot/efi
update-grub

Set cstate parameter correctly.
Note: Otherwise system will halt randomly after approx. 30min runtime.
vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=“intel_idle.max_cstate=1 quiet splash“
update-grub

Exit chroot.

Unmount /target/boot/efi

Reboot

Install onboard:
sudo apt isntall onboard

Install evdev-rce:
https://github.com/PeterCxy/evdev-right-click-emulation
Note: Change order of cc commands – move flags to the end of line. After make you just have to start the compiled binary for tap-and-hold-for-right-click capability.
Note: I’m rarely using this, because in practice I do not need the right click function for the touchscreen very often. So when needed I just run the binary, use the right-click and then exit the binary again. Letting it run in background can bring up problems with other touchscreen operations e.g. Onboard on screen keyboard.

Replace Pulseaudio with Pipewire:
Note: The default audio server Pulseaudio will let the sound crash after few minutes. Only a high frequent sinus tone is then emitted – will also bring problems with video playback then.
Note: When you want to stick with Pulseaudio you can recover from the crash with the pulseaudio -k command. I changed to Pipewire, as I could not find any permanent solution for Pulseaudio. A good starting point for further research could be: https://github.com/thesofproject/sof/issues/3868
sudo apt install pipewire*
sudo apt install libspa-0.2-bluetooth
Note: This lib is needed for Bluetooth audio working properly.

Disable powersaving function for Wi-Fi adapter:
cd /etc/NetworkManager/conf.d
mv default-wifi-powersave-on.conf default-wifi-powersave-off.conf
vi /etc/NetworkManager/conf.d/default-wifi-powersave-off.conf
[connection]
wifi.powersave = 2

Reboot

when you experience issues with not remembering tap to click on your touchpad on reattach, add to /usr/share/X11/x11.org.conf.d/40-libinput.conf:
Note: Remember to restart libinput by at minimum relogon.
Section „InputClass“
Identifier „Asus TouchPad“
MatchDriver „libinput“
MatchIsTouchpad „on“
Option „Tapping“ „true“
Option „NaturalScrolling“ „True“
EndSection

Samsung Health Data in Elasticsearch

Open Samsung Health App on the mobile phone.

Go to settings.

Scroll down and tap on download all personal data.

Confirm with your Samsung account password.

On the internal storage you find the data in the subfolder „Download“.

There you find the data splitted into CSV-files.

Bring the files up to a computer and there choose your relevant files (example: heartrate or sleepdata) to open them with Excel.
Crop the first line.

Navigate to your Kibana instance in browser.

There you can import the CSV-file. Choose a unique index name.

Then you can start visualize: